<?php
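	// Admin login handler: validates the captcha, looks the account up with a
	// prepared statement, compares the submitted credentials and, on success,
	// marks the session as logged in. Every outcome is reported through a
	// JavaScript alert followed by a client-side redirect.
	session_start();
	header("Content-type:text/html;charset=utf-8");

	// Read the submitted form fields. Missing fields default to '' and
	// array-shaped parameters (e.g. password[]=x) are rejected so that the
	// string comparisons below always operate on strings.
	$name = $_POST['admin_name'] ?? '';
	$pwd = $_POST['password'] ?? '';
	$yzm = $_POST['yzm'] ?? '';
	if (!is_string($name) || !is_string($pwd) || !is_string($yzm)) {
		$name = $pwd = $yzm = '';
	}

	// Validate the captcha BEFORE touching the credentials. Checking it after
	// the password lets a client learn whether a password is correct without
	// ever solving the captcha, which defeats its purpose as a guessing brake.
	$expectedCode = (isset($_SESSION['authcode']) && is_scalar($_SESSION['authcode']))
		? (string)$_SESSION['authcode']
		: '';
	// The code is single-use: drop it so one solved captcha cannot be replayed
	// across many attempts. Assumes the login page requests a fresh captcha
	// image on reload -- TODO confirm.
	unset($_SESSION['authcode']);
	// An absent session code must fail; with a loose != comparison an unset
	// code and an empty submitted value compare equal and pass the check.
	if ($expectedCode === '' || $yzm === '' || !hash_equals($expectedCode, $yzm)) {
		echo "<script>alert('验证码错误，请重新输入');location='admin_login.html'</script>";
		exit;
	}

	// Connect to the database.
	// NOTE(review): the credentials are hard-coded and the application
	// connects as the MySQL root account. Move them to configuration outside
	// the web root and use an account restricted to the tables this app needs.
	try {
		$conn = mysqli_connect('127.0.0.1','root','pwd','admin',3306);
	} catch (mysqli_sql_exception $e) {
		// mysqli throws by default on PHP 8.1+; never let the exception (and
		// the connection arguments in its trace) reach the response.
		$conn = false;
	}
	if ($conn === false) {
		error_log('admin login: database connection failed');
		http_response_code(500);
		exit;
	}
	mysqli_set_charset($conn,'utf8'); // set the connection character set

	// Look up the account by name with a bound parameter (no string-built SQL).
	$sql_select="select id,admin_name,password from admin where admin_name= ?";

	$stmt=mysqli_prepare($conn,$sql_select);
	if ($stmt === false) {
		error_log('admin login: failed to prepare lookup statement');
		http_response_code(500);
		exit;
	}
	mysqli_stmt_bind_param($stmt,'s',$name);
	mysqli_stmt_execute($stmt);
	$result=mysqli_stmt_get_result($stmt);
	// First matching row as an associative array, or null/false if none.
	$row = $result ? mysqli_fetch_assoc($result) : null;

	if (!$row) {
		// NOTE(review): this message and the wrong-password message below let
		// a client tell existing account names from unknown ones. Consider a
		// single generic failure message for both branches.
		echo "<script>alert('您输入的账号不存在');location='admin_login.html'</script>";
		exit;
	}

	// Strict, constant-time comparison. Loose != applies numeric-string
	// juggling (e.g. '1e3' == '1000'), which can accept a password that
	// differs from the stored one.
	// NOTE(review): the stored value is compared directly with the submitted
	// password, i.e. the admin table holds plaintext passwords. Migrate the
	// column to password_hash() output and verify with password_verify().
	$passwordOk = hash_equals((string)$row['password'], $pwd);
	$nameOk = ($name === (string)$row['admin_name']);
	if (!$passwordOk || !$nameOk) {
		echo "<script>alert('密码错误，请重新输入');location='admin_login.html'</script>";
		exit;
	}

	// Issue a new session id on privilege change so a session id fixed before
	// login cannot be reused afterwards. Must run before any output is sent.
	session_regenerate_id(true);
	$_SESSION['admin_name'] = $name;
	// NOTE(review): kept only because other pages may read this key; storing
	// the plaintext password in the session is unnecessary. Confirm there is
	// no consumer and remove it.
	$_SESSION['password'] = $pwd;
	echo "<script>alert('登录成功');location='shop_product.php'</script>";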
?>








